New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubectl should apply OpenAPI schema defaults before OpenAPI schema validation #108768
Comments
/sig api-machinery cli |
/assign @seans3 |
/triage accept |
@seans3: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/triage accepted |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
I think there's a misunderstanding. There is an absolute key rule here though, it's that kubectl will NEVER apply the defaults. A field can not both have a default and be required, that makes no sense. You can't say that a field MUST be present, but if it's not present it will be given a default value, that's impossible. I'm going to give kubernetes-sigs/cluster-api#6398 a look to make sure I understand the purpose correctly, but that seems wrong, and we should be able to close this right now since that's never going to happen. |
I think the corresponding CAPI issue is not necessarily relevant. What mainly confused us was that on the client-side we run OpenAPI validation while on the server-side we first run OpenAPI defaulting and then OpenAPI validation. This means of course that the OpenAPI schema validation on client-side will have different results then the one on server-side. |
Yeah, sorry, I realized later too that the api-server runs defaulting before validation. Without having spent too much time thinking about that, that seems like a design problem. I'm still pretty convinced we should mark these fields as non-required. |
And we can't get kubectl to do that to be honest, but we're deprecating client-side validation anyway so this should go away soon hopefully. |
Ah perfect, that's just as good for me, probably even better :) |
Awesome, I'm going to close that for now then if you don't mind ... |
What would you like to be added?
Today kubectl runs OpenAPI schema validation on e.g.
kubectl apply
without applying OpenAPI schema defaults before. (although validation can be disabled with --validate=false).It would be great if kubectl could apply defaults before validation like the apiserver.
Why is this needed?
Example:
Let's assume we have the following required port field in a CRD:
In this case a user shouldn't have to set the port field because the APIserver first sets the default (6443) before validating if the required field exists.
With
kubectl apply
users get an error that the required field is not set.A workaround is to use
kubectl apply --validate=false
instead.Because we don't want to confuse our users, in ClusterAPI we made fields like this optional to avoid forcing users to set required fields on the client-side when they are not actually required because they have a default value.
The text was updated successfully, but these errors were encountered: